The OWASP Application Security Verification Standard (ASVS) is a list of application security requirements or tests that architects, developers, testers, security professionals, and even consumers can use to define what constitutes a secure application. In this post,...

Before I joined the Pivot Point Security team, I worked with them on the client side. My former employer engaged Pivot Point on an ISO 27001 implementation project. I was the project manager and primary contact. Having no prior experience with ISO 27001, I had to go...

Editor’s Note: This post was originally published in January 2016 and has been updated for accuracy and comprehensiveness. Yesterday I started hearing some unfortunate noises from the little external hard drive that I use for local backups of my laptop. These “last...

It’s always interesting to me to see how different industries handle vendor risk management. Often when we see a wave of leads/opportunities from a particular industry, we can trace it to new vendor risk management practices (or a new RFP of note) that hit the streets...

Increasingly, we are seeing organizations decide to use both ISO 27001 and SOC 2 to demonstrate their commitment to information security. Most frequently this is driven by differing contractual requirements imposed upon them by their clients. Fortunately, if...